[Rjevski]

Note that a lot of the information from the BTS is already available to anyone who "asks nicely".

The mechanism that provides roaming is based on trust, so anyone connected to the SS7 network can query the location of any phone in the world and even intercept its calls. Just say to the home carrier "hey this phone is roaming on my network, would you be able to send me all of its calls and texts?".

[nawtacawp]

There was a talk/demo I saw a few years ago that went into great detail about how this works. I remember it was given by a German. Anyone know what I am talking about?

Edit: It was a video.

[freeflight]

I remember something similar, it was a presentation given at CCC in Germany. Tried searching for it on their YouTube channel, just to discover said channel was terminated for breaking YouTube ToS?!

That's really sad, their channel had videos of all the past talks from the CCC, an amazing resource that's now gone.

I think this is the one you might have been talking about: https://www.youtube.com/watch?v=lsIriAdbttc

If it's not that one then it's probably one of the "Running your own 3G/3,5G/GSM network" talks.

[striking]

https://www.youtube.com/watch?v=-wu_pO5Z7Pk

https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipula...

As seen on HN: https://news.ycombinator.com/item?id=8803998

[freeflight]

That's the one, nice find.

[fredsted]

Maybe it's this one https://media.ccc.de/v/32c3-7412-running_your_own_3g_3_5g_ne...?

[detaro]

You probably were thinking of the CCCen YouTube channel? That never was an official channel, but a copy-cat that just uploaded all the CCC stuff, and was banned for it.

[freeflight]

Yeah, I now realized this too. Still weird as CCCen had the videos organized in a more useful way, thus popping up way above in search results. At least good to know the stuff is still there.

[tyingq]

Probably Karsten Nohl. He has done many SS7 talks, so this may not be the exact one you saw: https://youtu.be/BbPLscWQ1Bw

[Rjevski]

Those are not what you're talking about but check out the slides from P1 Security about this issue: https://www.slideshare.net/p1sec/hes2010-philippe-langlois-a...

[mi100hael]

Which is also why SMS makes a poor authentication factor.

[rsync]

"The mechanism that provides roaming is based on trust, so anyone connected to the SS7 network can query the location of any phone in the world and even intercept its calls."

One of the first things I did after opening the article was to search for the string "ss7" ... was disappointed to see it mentioned zero times ...